I saw an intriguing post the other day by Jennifer Schiffer on WordPress, themes and the GPL. She linked to a video of Matt Mullenweg (one of WordPress’ lead developers) who was talking about why WordPress was a GPL product (short answer: they didn’t really have a choice because WP is based on b2, which was GPL) and, more specifically, was talking about why themes and plugins are also then GPL.

The truth of the matter is that the GPLv3 is a very restrictive license, in as much as it’s also a harbinger of freedom. The GPL was written in a way to specifically retain the freedoms it grants through successive iterations of a particular product, or its add-ons. This means that if you like a GPL product, develop a derivative work, a modification, a plug-in or any other type of add-on, the resulting work is also going to be covered by the GPL (you do not have a choice in this).

“You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License.” – Section 10 of the GPL

This means that unless the WordPress GPL (yes, they’re specific by product… you can ADD restrictions if you want… so no 2 GPL’d products are necessarily identically licensed – we’ll talk about this in a minute) allowed for a theme developer to restrict the distribution of a theme, a theme developer isn’t allowed to add that restriction on their own. Your development on a GPL product inherits the license of the original product.

Inheritance is a powerful concept because it creates license congruity, ad infinitum, for all downstream works of the original code. It would be extremely difficult to manage license compliance if WordPress had one license, but a plug-in had a different one.

But there’s apparently a wonderful new theme available for WordPress called Thesis. Its developer sells two several different versions of the theme (selling under the GPL is fine). The problem comes to light when you look at the options:

“You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.”

and Section 6:

“Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients’ exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.”

(Note that v2 and v3 of the GPL are vastly different animals… and v2 was actually more in the realm of “free as in free beer” than v3, which touts freedom as “free as in free speech, not free beer”.)

So, in fact, the Thesis theme, as a WordPress derivative work, is bound to the GPLv2 license that WordPress is licensed under. As such, even the sale of the theme is a problem, as are the one-site-only restrictions and the “can’t re-sell” restrictions. Note: the footer link restriction is probably fine, as it could qualify as the attribution allowed under the GPL. Additionally, it could be argued that the fee charged is for the “physical act of transferring a copy” as allowed by Section 1 of GPLv2, but even then, the remainder of the unauthorized restrictions are still problematic.

But who is going to do anything about this violation? Who has the right to enforce the license? WordPress? The folks at b2 (WordPress’ predecessor)? Any particular end user? Technically, it’s the folks at WordPress who have the right to enforce their license upon theme and plug-in developers. They have the ability to potentially even sue to prevent a rogue developer from violating their license with WordPress [though I’m guessing that a theme developer is going to try to argue that a theme isn’t a derivative work or a modification]. But this is inherently difficult. So instead, WordPress is taking a slightly different tack. They’re going to create a Theme Page on the main WordPress website which only lists themes that follow the GPL (by the way, all derivatives have to be GPLv2 licensed, as the WordPress license doesn’t allow for newer versions of the GPL to apply). I’m guessing that Thesis won’t be listed.

I posted the question on Twitter the other day: “How does the SPA have the authority to audit software license use? In thousands of licenses I’ve never given them that right.”

I was looking for some insight that I might have missed. In the world of contracts, your license actually will specifically state who has the ability to audit your license usage (if they have the right at all). And in the world of law, the term “standing” is used to show who actually is allowed to raise a particular issue (via the courts, etc). So the SPA/BSA/SIIA (SIIA is their current incarnation) (or any other third-party “enforcer”) wouldn’t have the legal right to ever come in and audit your software license use unless there’s language in the license that allows for such audit.

Even general audit language is probably safe to prevent the SIIA from knocking on your door one day. Typical audit provisions include:

explanation of who can come to audit (it usually says that the vendor has the right to audit)

time-frame of any audits (I typically am very clear to limit audits to 1 time per calendar year)

notice for audits (even bad audit language usually says that the vendor has to notify the licensee of the intent for an audit)

who besides the vendor can come audit (if 3rd parties are allowed, I limit to a “big-four” accounting firm and have NEVER been challenged on this limit)

The result is that even with not-so-favorable audit language, I simply don’t see how the SIIA has any right to come and perform an audit, let alone try to sue a licensee for license violations (again, any license that has “no third-party beneficiary” language in it could be used to very clearly show that the SIIA doesn’t have any rights with respects to the license).

Additionally, it’s been suggested that there are two other routes to allow such an audit: the “source” (the licensee’s employee who reports a violation) and the potential for an assignment of audit rights. As for the source person, unless they’re also the person in the company who can allow someone to come in, that individual probably doesn’t have internal authorization to allow the audit to happen – so I find this unlikely. The assignment of audit rights potential does exist, and contracts that have poor assignment language could potentially allow the vendor to assign their rights to someone else (and, in fact, it appears that the SIIA attempts to use an assignment of rights in this manner). So it’s conceivable, but I’ve never seen the language used in that way.

At the end of the day, the lesson is this:

Have strong audit language which clearly states who can perform the audit, on what time basis they can audit and what the results would mean (ie: usually you don’t have to pay any form of penalty unless usage exceeds 10% of the licensed quantity – but you’ll always have to pay for the difference in usage). Include notice provisions and be very clear about whether the vendor can outsource their auditing… many will use large auditors, which is fine, but you don’t want Andy’s Audit Shack to be performing the audit. Lastly, if you’re maintaining any kind of uber-confidential information (like SSN’s, bank account numbers, etc), then I would also be clear about what kinds of auditing tools can be used to complete the audit, as many vendors like to install their own auditing software onto your network.

Have clear assignment language which prevents EITHER party from assigning the agreement without the other party’s consent (not to be unreasonably withheld, if you so choose): “Neither party may assign or otherwise transfer this Agreement or any of the rights hereunder, without the prior written consent of the other, which consent will not be unreasonably withheld or delayed.”.

OK – so you’ve done the prior two things and the SIIA comes knocking (physically or with a letter requesting/demanding an audit). What do you do? Simple. Deny them access – in writing. They’ll threaten, similar to the Big Bad Wolf, to huff and puff and to blow your house down. But if you’ve got things properly documented, the SIIA simply doesn’t have the legal right to audit. It doesn’t matter whether the vendor they’re supposedly auditing for is a SIIA member. It doesn’t matter if they claim to have permission. (Oh, and interestingly enough, if they name names and tell you which vendor sent them to you, I would check your license agreement with that vendor because many vendors like to include confidentiality restrictions which prohibit either party from even identifying the other.)

Now, regardless of everything I’ve just told you, I also firmly believe that you should always be 100% compliant with your contractual obligations. So use some form of license management tool to know that you’re only using what you’re licensed to use.

I know, I know… welcome to the 20th Century, Jeff. I was waiting for my publishing “house”, Lulu, to allow for an eBook edition, and we’ve finally got it.

So, if you have been waiting for the eBook version of the Software Licensing Handbook (I’m matching Amazon’s price for the paper version, so get it cheaply now), you can get it here.

The Licensing Handbook Blog is the companion site to the Software Licensing Handbook. Covering licensing topics on a regular basis, Jeffrey Gordon attempts to offer advice, add humor and sometimes even a bit of wit to a practice that most people find abhorrent – namely, reading a contract from start to finish. Follow me on Twitter if you want up-to-the-minute information on contracting, licensing, negotiation and the law.

Over on her Ask a Manager blog, Alison Green today discussed those personality traits which force you into certain behaviors, resulting in career choices that are almost imperatives. It’s an interesting thought – are there things that you MUST do to satisfy your own internal itch? But then I started thinking about how that would affect the world of negotiation and it ties back into a conversation thread that’s been started many times: are certain people more predisposed to being better negotiators? And, on the flip side, are there people who shouldn’t, under any circumstances, be the negotiator for your firm/organization/self?

Typical negotiation trainers (Karrass, for example) predicate their training materials on the belief that anyone can learn how to negotiate. Even my favorite professional negotiator, Herb Cohen promises in his book that “You, too, can negotiate anything!”. But don’t let the razzle-dazzle fool you. The honest truth is that while everyone can learn techniques to increase their negotiation skills, not everyone can be a good negotiator.

“Wait!” you yell at me – “YOU offer negotiation training, too. Aren’t you just taking people’s money like everyone else?” Woah. I’m not rendering judgment on the value of the service offered by negotiation trainers… lots of the material learned in these courses is excellent stuff. Heck, even bad negotiators can improve by learning my Five Fundamental Skills for Effective Negotiation. What I’m saying is that a prospective negotiator needs to be introspective enough to know whether they’re a good negotiator (and sometimes, it’s even case-specific).

So then, what makes someone NOT a good negotiator? Well, as I just said, it can sometimes be case-specific – I, for example, shouldn’t negotiate the purchase of my own house or car… I’m too emotionally invested in the result. But more generically, bad negotiators are:

ignorant (choosing to be without knowledge – would rather shoot from the hip)

overly-emotional (it’s one thing to be “disappointed” in a result… another to be “sad”)

hot-tempered (NEVER lose your cool – in fact, keeping cool when the other side is purposefully pushing your buttons is a great skill to have)

impatient (negotiations can take a LOT of time and you have to be willing to wait things out)

know-it-alls (the flip-side of ignorance is just as dangerous)

What am I saying, then, if you have these tendencies? Well – either alter your personality (which proves quite hard for the bulk of the population) or find someone else to do the negotiating. Remember that bullying someone (which is what a lot of these traits manifest as during a negotiation) won’t get you what you desire and might leave you worse off than when you started.

Oh – you don’t like the implication that everyone can’t be a great negotiator? Blast me in the comments.

Yes/No. Yin/Yang. Right/Wrong. It seems as if there are a lot of ways to say that in many decisions, we have two basic potential responses (and many other shades of gray in between). Answering “Yes” almost always involves more work, more responsibility and more hassle. So why don’t we choose “No” more often?

As human beings, there is research to suggest that we want to generally appease others at a very fundamental level. This isn’t about conflict management, it’s simply about survival and the power that comes with “the return of the favor.” It’s even got a political science term that sounds awfully legal: “social contract” – that the individual give up some flexibility of behavior in favor of the larger societal good. But realize that there is a quid pro quo here, we expect something in return.

It’s important, however, to learn the power and value of saying “No.”

At your individual level, “No” might mean that you have more time to devote to your already-full plate of things you’ve said “yes” to. At the societal level, “No” means that you are recognizing participatory limitations – that you believe that you have already contributed (or are contributing) to the “group” (however you would like to define it at that particular moment). Without realizing it, you actually do a form of “hedonistic calculus” to determine the effect of saying No and formulate defenses in the event you’re challenged.

But it’s not wrong to say No – and there are a lot of benefits to saying “No” with compassion and clarity.

While you may be refusing someone something that they want, and as I reminded someone the other day, you’re no good to anyone (including yourself) if you’re not able to do what you have already committed to do. Saying “No” is a defense mechanism and allows you the ability to regulate your workload. But, it’s also a starting point (as pointed out by Jim Camp in “Start with No!”) in that only if you say “No” do you have a place to begin a conversation.

Which means that from a negotiation perspective, “No” is a wonderful way to begin when asked for any settlement. Camp believes that it’s the ONLY starting point – and he says on his website that starting with no is to “gain control of the deal.” Whether you believe that’s true (or even if you want control of the deal), he is right that without saying “No”, there isn’t a conversation or negotiation at all – saying “yes” is merely a statement of agreement.

Saying “No”, however, doesn’t have to be done in a mean spirited manner and doesn’t have to be used with force. Rather, the manner in which you say “No” can convey almost any conceivable emotion and can even foster a reciprocal compassion for your need/desire to say “No.” For example, I was asked the other day to complete some new work for an old client on a quick-turnaround basis.

I responded saying that while I wanted to complete their project, I didn’t have time to get it done on their schedule because I was going on a babymoon with my wife. In other words, I said “No.” But of course, I didn’t only say “No.” My next sentence was to give them the option for me to complete the project upon my return. When they learned that my wife and I were expecting and because they understood the desire to take a last vacation before the baby arrived, they were sympathetic to my reason for saying No – and in fact, their time schedule really wasn’t as inflexible as they first made it appear. In the end, I will get to enjoy my babymoon, I will complete their work promptly upon my return and they’ll have their needs met as well. [By the way, the ability to say No is founded upon proper use of Information Gathering skills.]

By saying “No” I was actually able to get everyone what they wanted. Try it yourself and let me know how it works in the comments!

The Licensing Handbook Blog is the companion site to the Software Licensing Handbook. Covering licensing topics on a regular basis, Jeffrey Gordon attempts to offer advice, add humor and sometimes even a bit of wit to a practice that most people find abhorrent – namely, reading a contract from start to finish. Follow me on Twitter if you want up-to-the-minute information on contracting, licensing, negotiation and the law.

large organizations who can benefit from strategic advice to bolster their internal staff resources.

So, if you or your organization have been considering contract renegotiation strategies or mitigation work based on risk management assessments, now might be a perfect opportunity to take advantage of the current economic situation. Additionally, I can provide a VMO-in-a-box (the creation of all things necessary for the implementation of a vendor management office) or simply act as a sounding board to make sure that you’re extracting all of the value possible from each deal.

The Licensing Handbook Blog is the companion site to the Software Licensing Handbook. Covering licensing topics on a regular basis, Jeffrey Gordon attempts to offer advice, add humor and sometimes even a bit of wit to a practice that most people find abhorrent – namely, reading a contract from start to finish. Follow me on Twitter if you want up-to-the-minute information on contracting, licensing, negotiation and the law.

These are the discussions that happened around the web this week – maybe you already read about them, maybe you need to again. Come join the party on twitter (follow me here and you’ll participate in the conversation live.)

I also realized that many of you might have no idea what you’re seeing below. Sorry. These are “tweets”, 140 maximum character messages sent via Twitter. Within the Twitterverse individual users follow others and have followers (think of it like overlapping Venn diagram circles). To read a tweet, you have to wade through a bit of jargon used to make the most of the 140 character limitation. “RT” for example, is shorthand for “Re-tweet” and the @____ is the username of some other individual on Twitter. Combined together, then, “RT @_____” means that someone else wrote a tweet that I found important and I now want to forward along to my followers. The URL’s are then also shortened by shortening services like bit.ly to make the most of the character limitation, too. Lastly, you might see “hash” identifiers “#______” which are ways to tag tweets of a particular flavor for easy searching later and “<” which means that I am commenting on what came before it.